Department of Corrections and Rehabilitation - Operations Manual

Cancel

Chapter 4 – Information Technology

Article 56 – Firewall Configuration Policy

March 14, 2022

View All Sections >

49130.6  Roles and Responsibilities

  • The department Chief Information Officer (CIO) or Designee:

    • Owns this policy and is responsible for ensuring that all users of department information assets are aware of this policy and acknowledge their individual responsibilities.

    • Is responsible for ensuring that this policy is reviewed annually and updated accordingly.

    • Is required to audit and assess compliance with this policy at least once every two (2) years.

  • The department Information Security Officer (ISOInformation Security Officer):

    • Is responsible for the oversight and coordination of entity information security policies and procedures.

  • The department Owners of Information Assets and Program Management:

    • In collaboration with the Information Asset Custodians, are responsible for ensuring the protection of information assets under their purview.

  • The department Information Asset Custodians:

    • In collaboration with the Information Asset Owners, are responsible for ensuring implementation of this policy and its directives.

    • Shall review firewall security logs in accordance with this policy. 

    • Shall notify the department ISOInformation Security Officer and the asset owner shall a security incident occur.

  • The department Firewall Administrators:
    Are responsible for managing firewall policies, updates, upgrades, software, installations, as well as other network security solutions. As access and network requirements change, firewall policies shall be updated to reflect these changes.